Description
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized This issue was fixed in version 4.71.0
Scores
CVSS v4
1.0
EPSS
0.0003
EPSS Percentile
7.7%
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-359
Status
published
Products (1)
Centralny Ośrodek Informatyki/mObywatel
< 4.71.0
Published
Feb 03, 2026
Tracked Since
Feb 18, 2026